Flexible licensing is one of the strong features that makes Dynamics 365 such a compelling CRM choice. A Plan license allows access to everything under the sun! An App license gives access to a particular function set such as Sales, Service, Marketing, Projects and Field Service. There is a third level of licensing, which we will discuss in this post, which is very interesting for organisations looking to give CRM access to the whole organisation. Microsoft offer an incredibly low price, restricted license for Dynamics 365 called the Team Member License. At the time of writing the cost of a standard Team Member License is £6 per head, as opposed to the next license up which is currently £71.60 for an App license and the Plan 1 license weighing in at £86.70. Given the large price difference between the App and the Team Member license you may be forgiven for asking why not just give everyone in the organisation Team Licenses. There are some considerations and we will explain in this post what can and can’t be achieved with Team Member subscriptions.
Trust Based Licensing
The first thing to say is that the reason the Team Member License is priced so low is to bring down the barriers to knowledge sharing among all employees within the organisation. Anyone with a Team Member license can now consume all information within Dynamics 365. The Team Member license has certain restrictions and boundaries that must be adhered to in order to stay within the right side of the licensing agreement. The thing to bear in mind about these restrictions is that all Dynamics 365 licensing is trust-based. What this means is, Microsoft set out the rules and it is your duty as a Microsoft customer to follow them. With the licensing being trust-based there is technically nothing to stop you from assigning a Team Member License to a user and then giving them a security role that allows the user to perform almost any action within Dynamics 365. This would, of course, constitute a breach of the licensing trust and could get you into serious trouble. We felt that we should point this out because we have seen people getting confused around this area. A recent customer told us… “…I have given a user a Team Member License and they can still create Opportunities…”
How do I keep within the rules?
This is achieved in Dynamics 365 by creating security roles for your Team members to match the license restrictions for that particular license type. For example, a user with a Team Member license is not allowed to create Marketing Lists, but they can connect contacts to Marketing Lists thus creating Marketing List Members. So, a Team Member security role must have these options set appropriately. Frustratingly there isn’t an out of the box Team Member Security Role that can be used as a template so the responsibility for creating the security role falls to the system administrator.
What does the team member have access to?
I have gone into more details further below but as a quick summary guide, the Team Member Subscription with maximum allowable permissions turned on has full access to Accounts and Contacts, meaning that they can create, read, update or delete (CRUD) all Accounts and Contacts. They have the same full and complete access to all custom entities. For Example, if you (as a system administrator) created a custom entity called CLI to hold customer device information, the Team Member user can create, read, update and delete CLI’s. Although you would probably not want to allow your Team Members to delete records (this can be prevented within the security role).
There are also restrictions on certain out of the box functions and entities (explained below) but the Team Member can view ALL information in Dynamics 365, meaning that, although they cannot create or edit opportunities, due to licensing limitations, they can view them and view pipelines. It is Microsoft’s opinion that if you want your users to be able to perform specialist role based functions like creating and nurturing Leads, Opportunities or customer service Cases then you need to provide them with a suitable App based license.
Can I create a custom Opportunity or Case entity?
Microsoft are strict around the area of replicating out of the box functionality when it comes to licensing and have included provision for this within the licensing agreement. The following is taken from the licensing guide;
“…If the custom entity is based on or replicates the functionality of entities included in Microsoft Dynamics 365, or if the entity links to entities included in Microsoft Dynamics 365, then users accessing the custom entity must also be licensed to access the included or replicated entity. For example, users creating an entity that replicates the cases entity for a ticketing system would still require the user to be licensed for cases. In other words, customizations may only be performed against entities users are licensed to access.”
Although this seems a little vague what they are saying is that you can’t just create a custom entity called “Service Tickets” for example, and then tell Team Members to use that custom entity to replicate the functionality of Cases. You are also not allowed to try to get around the restriction by creating automated workflows to create cases on behalf of a Team Member. In terms of customer service desk it is worth noting that a Team Member can look after your knowledge base by creating and publishing articles as well as creating and running reports.
The main areas of interest to customers regarding these restrictions appears to be around the creation of Leads, Opportunities and Cases (all are create and edit-restricted). An interesting point to note is that Team Members can create and add activity items to any entity, such as Notes, Phone Calls and Tasks. So, if the user doesn’t need to create cases but just to log the occasional activity against a case then a Team Member License may be adequate for that user.
Below is a bulleted list of items that can be performed by a Team Member. The list comes from Microsoft’s licensing guide to Dynamics 365 and does not include granular detail on every aspect of the licensing permissions. The full list is comprehensive and we would always recommend that customers read the full licensing guide for further clarification (see link below)
Microsoft Dynamics 365 Licensing Guide
Team Member Permissions List
- Accounts and Contacts (CRUD)
- Associate a Marketing List with an Account or Contact
- Activities and Notes (CRUD)
- Post & follow activity feeds
- Yammer collaboration ( Requires Yammer Enterprise License)
- Use a queue item (Actions can be performed only against records corresponding to entities included in the use rights)
- Start dialog (Actions can be performed only against records corresponding to entities included in the use rights)
- Shared Calendar (Actions can be performed only against records corresponding to entities included in the use rights)
- View Announcements (legacy feature)
- Run as an on-demand process (Actions can be performed only against records corresponding to entities included in the use rights)
- Run an automated workflow (Actions can be performed only against records corresponding to entities included in the use rights)
- Use relationships and connections between records (Actions can be performed only against records corresponding to entities included in the use rights)
- Write custom entity records (Custom entities may require a higher CAL depending on the required access. Customizations can only be performed against entities included in the use rights)
- Read custom entity data
- Personal views; Saved Views
- Search & Advanced find search
- Export data to Microsoft Excel
- Perform mail merge
- Dynamics 365 Mobile Client Application
- Microsoft Dynamics 365 for iPad & Windows
- Microsoft Dynamics 365 for Outlook
- Microsoft Dynamics 365 Web application
- Read All Dynamics 365 application data
- Portal or API access Only: Employee Self Service: Submit cases and update Cases user has submitted (as a support client/customer)
- Chat with support team (as chat client for self-service, requires 3rd party solution)
- Portal or API access Only/Non-Employees Only: Update Work Orders
- Portal or API access Only/ Non-Employees Only: Create & Update Opportunities
- Add or remove a Connection (stakeholder, sales team) for an Account or Contact
- Create and update announcements (legacy feature)
- Submit Time & Expense for Project Service Automation
- Update Project Tasks for Project Service Automation
- Update Own Resource Competencies for Project Service Automation
- Apply for Open Project Position for Project Service
- Project Finder Mobile Application
- User reports, charts, and dashboards
- Create, update, customize, and run Reports
- Interactive Service Hub
- Create, Publish, Configure Knowledgebase
- Dynamics 365 – Gamification Fan & Spectator
- Embedded PowerApps (Includes Flow)
- User Interface integration for Microsoft Dynamics 365
Note 1: At least one full user license is required in order to be able to add Team Licenses to the tenancy.
Note 2: Team Members can access any instance of Dynamics 365 as long as it is within the same tenancy. For Example, a sandbox or training instance is accessible to users with a Team Member Subscription.
If you have a question about security roles why not take advantage of our free 30 minute consultancy offer.
Rocket CRM are a leading Dynamics 365 practice based in the UK.